Method and system for generation of cryptographic keys and the like
Abstract
A method, and deterministic random bit generator system operating in accordance with the method, for generating cryptographic keys and similar secret cryptographic inputs which are hard to guess. A seed is input from an entropy source; and an initial state is generated as a function of the seed. When a request to generate a cryptographic key is received a current state, where the current state is initially the initial state, is mixed to generate an out put string and a next state and the current state is set to the next state. The requested cryptographic key is generated from the string; and output. These steps can be repeated to generate successive output strings with assurance of forward and backward secrecy. An encryption system including such a generator is also disclosed.
Claims
exact text as granted — not AI-modified1. A method for cryptograghically securing a message comprising:
inputting a seed from an entropy source;
generating an initial state S j as a function of said seed;
generating a next state S j+1 and an output string y j by:
defining a length n for said output string y j , and a parameter HASH_DIGESTSIZE;
setting an integer value m equal to the smallest integer greater than length n divided by HASH_DIGESTSIZE;
if a user input u j is supplied, computing a variable V as a hash(u j |S j ), otherwise if a user input u j is not supplied, computing said variable V as a hash(S j );
setting an index q equal to 1;
computing a variable x as a hash function x=hash(V);
setting a variable w q equal to said variable x;
computing said variable V as a function V=V+1(mod 2 HASH — DIGESTSIZE );
setting said index q equal to q+1;
determining if said index q is equal to m+1, and if not, recomputing the variable x as a hash function x=hash(V) and repeating the setting of variable W q , computing said variable V, and setting said index q equal to q+1;
when said index q is equal to m+1, computing said output string y j as n predetermined bits of a concatenation of variables W q , where q equals 1 to m;
computing a next state S j+1 as a function (f) of V and y j+1 ;
providing said output string y j for use as a cryptographic key;
inputting said cryptographic key and said message to a cryptographic engine; and
using said cryptographic key in said cryptographic engine to cryptographically secure said message.
2. The method of claim 1 , wherein said initial state is generated by mixing said seed with itself.
3. The method of claim 2 , wherein said seed is mixed using a hash function.
4. The method of claim 1 , wherein said function (f)=hash(V+by j+1 +1d), wherein b={0, 1} and dε[0, mod 2 HASH — DIGESTSIZE ].Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.